From 2010 to 2011, losses linked to card skimming, card trapping, cash trapping and ATM transaction reversal fraud fell 13 percent, from 268 million euros (U.S. $353.5 million) to 234 million euros (U.S. $308.7 million). But the total number of ATM attacks is up 63 percent, a substantial increase.

The reason for the jump: Cash trapping, which, like it sounds, blocks an ATM's cash dispenser shutter so that bills cannot be presented. Cash trapping incidents alone were up astronomically, from 240 incidents in 2010 to 10,808 incidents in 2011.

Skimming attacks, card trapping and transaction reversal events were either down or remained steady.

"We saw about 4,000 attacks during the first half of the year," says Lachlan Gunn, co-founder and director of EAST. "It went wild because we hadn't woken up to it. The one certain ATM model that was getting hit has addressed it now, and we saw the attacks fall in the last six months of the year."

After strengthening the defenses around the dispenser shutter, the security of the card reader on the ATM model, which Gunn would not name, was improved.

"By sharing timely information and statistics, EAST members continue to assist each other to tackle evolving threats and trends," Gunn says. "There was a surge, but this slowed during the second six month period."

ATM Related Fraud Attacks By Number of Incidents 2011 (Full Year)

Skimming Remains No. 1 Concern

Though considered a low-tech crime, cash trapping is on the rise because it gets around advanced chip technology. As most financial institutions in the Single Euro Payments Area complete their mandated migrations from magnetic-stripe card technology to the Europay, MasterCard, Visa chip standard, fraudsters are finding new ways to attack ATMs.

Still, the majority of financial losses linked to ATM fraud come from counterfeit cards created from skimmed mag-stripe details. Because EMV cards include both chips and mag-stripes, even if the mag-stripe is not read by the card reader, it can still be skimmed.

In 2011, skimming attacks fell, and so did the financial losses. Attacks were down 26 percent and losses were down 13 percent, totaling 232 million euros (U.S. $306 million). Still, the losses linked to skimming account for most of Europe's ATM fraud losses.

"While ATM-related card skimming incidents and losses have fallen across Europe as a whole, some countries have seen increases, in some cases significant increases. Most of those losses are linked to the U.S.," Gunn says, where adoption of chip-based card technology is not widespread.

Nearly 80 percent of ATM-related skimming losses come from markets where EMV is not mandated. The top three countries for fraud were the United States, the Dominican Republic and Colombia.

% European ATM EMV Compliance

"The drop in losses indicates the benefits of the EMV deployment and also that fraud countermeasures such as geo-blocking, fraud monitoring capabilities and fraud detection continue to improve," Gunn says.

How Banks Are Fighting Back

Gunn says information-sharing is assisting banks with tracking fraud migration trends. When upticks in cash-trapping, for instance, were isolated to a certain ATM model, addressing the fraud trend was relatively easy.

Other investments in fraud detection and monitoring, which alerts banks when an ATM's fascia has been tampered, are having an impact, too. Of course, the migration to EMV is helping banks control and reduce fraud as well.

The European Central Bank said for this year all SEPA cards should be issued, by default, to chip, Gunn says. "So within Europe, the Central Bank is keen to get rid of magnetic stripes on cards, as it will reduce losses."

But geo-blocking seems to be the most prevalent step European banks are taking to curb fraud, since so many losses are resulting from other international markets.

Geo-blocking, which prevents a cloned or counterfeit card from being used outside a certain country or region, is helping European banks control fraud linked to skimming. Gunn says he expects more geo-blocking to occur in 2012, as banking institutions enhance their efforts to curb losses.

"Once you've invested all that money into EMV, it kind of makes sense to close off the weak points," he says.

About the Author

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years' experience, she covered the financial sector for 10+ years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.